Welcome to the 2025 Identity Security Workshop!

Verifying identity is essential to delivering secure and reliable access to government services. But growing fraud threats, outdated systems, and rising demand for seamless digital experiences are forcing agencies to revisit their current approach. This session will look at how federal leaders are strengthening identity programs to keep pace. Topics will include updated proofing standards, improved integration across platforms, and ongoing enhancements to tools like Login.gov. Speakers will also explore how identity efforts support broader security goals such as Zero Trust, and how agencies are preparing for what comes next, including machine access and emerging risks.

With the majority of cyberattacks now targeting user identities, federal agencies must strengthen authentication measures and closely monitor access patterns to safeguard critical systems. This session will explore strategies for reducing identity-related risks, from implementing phishing-resistant multi-factor authentication to leveraging AI-driven anomaly detection. Attendees will gain practical insights for improving identity governance, preventing insider threats, and building a stronger security culture to protect sensitive data and maintain mission readiness.

Following key Zero Trust milestones that were set for the end of FY24, agencies in 2025 ​have been shifting focus to implementation, integration, and measurement. Yet many must do so without additional resources or staff, making it critical to scale securely and efficiently.​ This session explores how agencies are putting Zero Trust into action while navigating cloud expansion, generative AI, and legacy system challenges. How are they applying identity- and context-based security across dynamic workloads, LLMs, and edge environments? And what does it take to build a unified architecture across platforms?

Today’s security strategy is not about building higher walls when the adversary is using a valid credential to walk in.  Identity is the new attack surface.  Adversaries are bypassing traditional perimeter defenses and targeting identities to move laterally, escalate privileges, and compromise federal systems at ever increasing speed.  Protecting identities is no longer optional; it’s foundational to Zero Trust.  And when we are talking about national security systems, critical infrastructure and citizen data, the  game of “catch me if you can” becomes a national priority.

Join Jeff Worthington, Executive Strategist at CrowdStrike and retired Army Colonel, for a fast-paced 15-minute session exploring how identity protection is the frontline of modern cybersecurity. Co-sponsored by AWS, this webinar will highlight how agencies can integrate identity-centric controls into their Zero Trust strategy — aligned with the ZTAG-I (Zero Trust Accelerator for Government) principles — to stay ahead of adversaries and meet evolving federal mandates.

You’ll leave with:

• A clear understanding of why identity is the most targeted and least defended layer in many federal environments
• Strategies to detect and stop identity-based attacks before they escalate
• Guidance on integrating CrowdStrike’s real-time identity and endpoint protection and AWS Zero Trust services to build a resilient, scalable architecture
• Alignment with NIST 800-207, EO 14028, and DoD Zero Trust Strategy objectives

Identity IS the new perimeter. You must protect it now.

Effective identity verification is critical to secure service delivery, but it must also be accessible and equitable. This session will explore how agencies are rethinking identity workflows to prioritize security, usability, and inclusion. Drawing on real-world examples from public benefits, travel, trademarks, and tax systems, panelists will examine how identity strategies can balance risk with user experience. The discussion will highlight how customer experience principles are shaping identity solutions that better serve all users, particularly those in underserved or hard-to-reach communities.

Citizens, Residents, Business Partners and Employees all want or need to access the digital resources of today’s organizations; and those businesses, government services, schools, and employers want them to effectively and productively do just that. But can the organization be sure that the attempt is truly a friend? We’ll explore how it is possible to associate an access attempt with the digital identity that represents the true friends to your organization. Furthermore we’ll look at how knowing your true friends better can take their experience to the next level. Implementation of Zero Trust, in a way where your users feel fully empowered without compromising your organizational security posture. Your takeaways will include a pointed list of key technological considerations for your users’ digital experiences.

As artificial intelligence advances, so do the threats it enables. Deepfake technology and AI-generated synthetic identities are blurring the lines between real and fake, complicating the government's ability to authenticate users and prevent fraud. This session will explore how agencies are working to detect and mitigate AI-enabled threats, develop resilient identity verification frameworks, and stay ahead of evolving attack vectors targeting public-facing services. Speakers will share insights into detection tools, cross-agency collaboration, and how AI can be part of the solution—not just the threat.

In today’s threat landscape, threat actors exploit every unused, overprivileged, or unmonitored account to gain persistence and move laterally.  Leaving privileges behind fuels threat actors in their cyberattacks.  This session explores how continuous discovery, enforcement of least privilege, and holistic visibility is essential to disrupt and prevent identity-related attacks.  

Thank you for attending the 2025 Identity Security Workshop!